If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

PA-DSS and Upcoming New Releases

There has been a lot of buzz and speculation lately about what’s happening with Zen Cart development activities. Here’s an update:

If you’ve been around the Zen Cart community anytime in the last year, you would have seen the fact that we released a new version, v1.3.9, and over the ensuing months we published several minor-step updates to address known/discovered bugs.
We’ve also been working on PA-DSS certification, preparing a v1.5.0 beta, and of course continuing work on the development of the much-anticipated v2.0 product.

THANKS
Before addressing these items in more detail, we’d like to take a moment and thank everyone who has been a participant in the Zen Cart community, whether by merely using our software to run your website, or participating in our forums and posting and answering questions, or writing free addons for the community-at-large to use for enhancing the functionality of their own sites, or privately reporting security matters to the development team, or using services provided by our recommended partners, or donating to the Zen Cart project. All of you collectively are what makes the Zen Cart community the great place that it is. We appreciate all of you and are grateful that you have generously given of your time and intellectual property to help everyone else grow and succeed alongside you.

RECENT RELEASES
As mentioned, in 2010 we released v1.3.9, along with a number of small updates throughout the year to address bugs reported by our users via the forum. We continue to actively support our software, not only in terms of bug analysis and fixing, but also with daily assistance to those of you using our software to run your websites.

PA-DSS
As if that didn’t have us busy enough, we’ve also been undergoing a number of internal changes in keeping with the requirements for attaining PA-DSS certification. This isn’t just a rubber-stamp. It’s a significant undertaking which requires ensuring that code development procedures and standards are well defined, security is understood and best practices observed, certain internal documentation is prepared and maintained, as well as certain user-documentation is prepared and maintained. So, there’s been a lot of work going on behind-the-scenes.

Further to that, for PA-DSS certification there are a number of application coding changes required to satisfy PCI demands, including password changes for administrators, access controls for each admin user (akin to the popular “admin profiles” addon), as well as a number of internal coding improvements. And all that is followed by an intense security audit of the code and penetration testing to ensure there are no holes for hackers to exploit. As you can imagine, all of this takes considerable time and resources.

BETA
We will be sharing a beta release for v1.5.0 to help iron out any bugs before final code certification is done for PA-DSS, with the goal of releasing v1.5.0 as fully PA-DSS certified. This will make Zen Cart the first free Open Source Ecommerce Solution that is fully PA-DSS certified. You can imagine we’re pretty excited about this, especially after the many long months of work that has gone into getting to this point.

ONGOING
And, of course, while all this has been going on we’ve also been continually working on coding for v2.0, including things like rewriting the admin for easier usability, improved plugin architecture, and much much much much much more.

WHAT’S AHEAD?
So, in the coming months you can expect:

a) Continued support of v1.3.9 as necessary. No updates are expected unless a very serious bug warrants it.
b) a v1.5.0 BETA release
c) The Final v1.5.0 Officially PA-DSS Certified release
d) And we will continue working on v2.0, which will be released when it’s ready.

Thanks for reading. We’re excited about the days ahead, and look forward to continuing to prepare great software to run your great websites. Thanks for your continued support and participation in the Zen Cart community.

The Zen Cart Team

QUESTIONS ...

WHEN?
As you’ve seen us say around here time and again, “It’ll be ready when it’s ready.”
We’re not in the habit of posting release dates, and we will not be posting dates for any of the above releases either.
And, we’re not in the habit of holding back code that’s ready for release, unless maybe if it’s a full moon.

WHAT VERSION SHOULD I USE ON MY NEXT SITE UPDATE? SHOULD I WAIT FOR THE NEXT VERSION?
You should always use the currently-released version for any site you’re working on.
You should NOT delay your plans indefinitely in anticipation of any new release.
Use what’s available *today*, and you’ll have the best available product for the task.
Remember, major version-updates are likely to start out as a beta first, which will give time for addons and templates etc to be developed for compatibility as well as sorting out any critical bugs, and that will give you time to put plans in place for considering when you’ll upgrade your site to the next version. So, using the *current* version *today* is your best strategy.

You should NOT use beta versions on LIVE websites.

DETAILS?
For those of you itching for a list of features or changes in any upcoming versions, you’ll have to wait until the official release announcements. Please don’t go starting lengthy threads or blog posts begging or speculating, as it will serve no purpose other than to confuse and frustrate people.
We’ll announce the important information that you need to know when it’s time for those details to be shared.
In the meantime, we’d like to concentrate our efforts on development.

Remember: Any code suggestions you see here are merely suggestions. You assume full responsibility for your use of any such suggestions, including any impact ANY alterations you make to your site may have on your PCI compliance.
Furthermore, any advice you see here about PCI matters is merely an opinion, and should not be relied upon as "official". Official PCI information should be obtained from the PCI Security Council directly or from one of their authorized Assessors.